panic while ripping a CDROM (via ATA)

From: Thierry Herbelot <thierry_at_herbelot.com>
Date: Tue, 27 Apr 2004 20:56:00 +0200
Hello,

It seems I hit a recurrent panic, while ripping an audio CD on an ATAPI drive 
with kaudiocreator (from kdemultimedia-3.2.2, compiled locally).

What should I send to have a better bug report?

The panic backtrace is:
(kgdb) where
#0  doadump () at /files3/src/sys/kern/kern_shutdown.c:236
#1  0xc05e6861 in boot (howto=260) at /files3/src/sys/kern/kern_shutdown.c:370
#2  0xc05e6ba3 in __panic () at /files3/src/sys/kern/kern_shutdown.c:548
#3  0xc045cf37 in db_panic () at /files3/src/sys/ddb/db_command.c:453
#4  0xc045cec4 in db_command (last_cmdp=0xc08654a0, cmd_table=0x0,
    aux_cmd_tablep=0xc07e70fc, aux_cmd_tablep_end=0xc07e7114)
    at /files3/src/sys/ddb/db_command.c:348
#5  0xc045cfa4 in db_command_loop () at /files3/src/sys/ddb/db_command.c:475
#6  0xc045f739 in db_trap (type=12, code=0)
    at /files3/src/sys/ddb/db_trap.c:73
#7  0xc0747759 in kdb_trap (type=12, code=0, regs=0xcd347c60)
    at /files3/src/sys/i386/i386/db_interface.c:159
#8  0xc0759f3b in trap_fatal (frame=0xcd347c60, eva=3273337668)
    at /files3/src/sys/i386/i386/trap.c:810
#9  0xc0759c7f in trap_pfault (frame=0xcd347c60, usermode=0, eva=3273337668)
    at /files3/src/sys/i386/i386/trap.c:733
#10 0xc07598e1 in trap (frame=
      {tf_fs = 24, tf_es = -852230128, tf_ds = -1067515888,
       tf_edi = -1021629628, tf_esi = -1028144640, tf_ebp = -852198208,
       tf_isp = -852198260, tf_ebx = 0, tf_edx = 368, tf_ecx = 9,
       tf_eax = -1021662556, tf_trapno = 12, tf_err = 2, tf_eip = -1068808346,
       tf_cs = 8, tf_eflags = 66050, tf_esp = -1051786592,
       tf_ss = -1051822448}) at /files3/src/sys/i386/i386/trap.c:420
#11 0xc04b4766 in ata_pio_read (request=0xc31aaa8c, length=18)
    at machine/cpufunc.h:217
---Type <return> to continue, or q <return> to quit---
#12 0xc04b25b1 in ata_generic_interrupt (data=0xc2b7c200)
    at /files3/src/sys/dev/ata/ata-lowlevel.c:461
#13 0xc05d6c30 in ithread_loop (arg=0xc2ac9080)
    at /files3/src/sys/kern/kern_intr.c:574
#14 0xc05d5f78 in fork_exit (callout=0xc05d6a8c <ithread_loop>,
    arg=0xc2ac9080, frame=0xcd347d48) at /files3/src/sys/kern/kern_fork.c:816


(kgdb) up
#12 0xc04b25b1 in ata_generic_interrupt (data=0xc2b7c200)
    at /files3/src/sys/dev/ata/ata-lowlevel.c:461
461                 ata_pio_read(request, length);
(kgdb) list
456                     ata_prtdev(request->device,
457                                "%s trying to read on write buffer\n",
458                                ata_cmd2str(request));
459                     break;
460                 }
461                 ata_pio_read(request, length);
462                 request->donecount += length;
463
464                 /* set next transfer size according to HW capabilities */
465                 request->transfersize = min((request->bytecount-request->donecount),
(kgdb) print request
$1 = (struct ata_request *) 0xc31aaa8c
(kgdb) print length
$2 = 18
(kgdb) print request->donecount
$3 = 32928

After looking a bit, I've found the following definition:
#define ATA_INSW_STRM(res, offset, addr, count) \
        bus_space_read_multi_stream_2(rman_get_bustag((res)), \
                                      rman_get_bushandle((res)), \
                                      (offset), (addr), (count))

which must be called in ata_pio_read(), but no man page for 
bus_space_read_multi_stream_2() !

Could there be an out-of-bounds access from the ata-read function?

This is with a fairly recent kernel (cvsupped this morning), with the following
ATA driver:
ulti-cur% ident /boot/kernel/kernel | grep ata
     $FreeBSD: src/sys/dev/ata/ata-all.c,v 1.208 2004/04/13 09:44:20 sos Exp $
     $FreeBSD: src/sys/dev/ata/ata-queue.c,v 1.26 2004/04/13 09:44:20 sos Exp$
     $FreeBSD: src/sys/dev/ata/ata-lowlevel.c,v 1.33 2004/04/19 18:29:43 sos Exp $
     $FreeBSD: src/sys/dev/ata/ata-isa.c,v 1.21 2004/04/13 09:44:20 sos Exp $
     $FreeBSD: src/sys/dev/ata/ata-card.c,v 1.23 2004/04/13 09:44:20 sos Exp $
     $FreeBSD: src/sys/dev/ata/ata-pci.c,v 1.81 2004/04/24 16:32:06 sos Exp $
     $FreeBSD: src/sys/dev/ata/ata-chipset.c,v 1.70 2004/04/24 15:54:20 sos Exp $
     $FreeBSD: src/sys/dev/ata/ata-dma.c,v 1.126 2004/04/13 09:44:20 sos Exp $
     $FreeBSD: src/sys/dev/ata/ata-disk.c,v 1.172 2004/04/13 09:44:20 sos Exp$
     $FreeBSD: src/sys/dev/ata/ata-raid.c,v 1.78 2004/02/18 21:36:51 phk Exp $
     $FreeBSD: src/sys/dev/ata/atapi-cd.c,v 1.165 2004/03/02 14:03:43 sos Exp$
     $FreeBSD: src/sys/dev/ata/atapi-fd.c,v 1.95 2004/03/01 13:17:07 sos Exp $
     $FreeBSD: src/sys/dev/ata/atapi-tape.c,v 1.90 2004/03/01 13:17:07 sos Exp$

The rip so far went to :
multi-cur% pushd /files3/tmp/kde-tfh/
/files3/tmp/kde-tfh ~
multi-cur% ll
total 6144
-rw-r--r--  1 tfh  wheel  6272828 Apr 27 20:07 kaudiocreatorIg5Lzf.tmp.part
multi-cur%

	TfH

Enclosed: the dmesg

Received on Tue Apr 27 2004 - 09:56:04 UTC
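
Added example (not part of the original post and not FreeBSD source): a small C program that decodes the trap frame and kgdb values quoted in the message to see what the page fault actually was. The struct and helper names are hypothetical, and the idea that the PIO copy writes to "buffer base + request->donecount" is an assumption, labelled in the code.

```c
#include <stdint.h>
#include <stdio.h>

/* Values copied from the kgdb session in the post (frames #8, #10, #12). */
struct fault_sample {
    int32_t  tf_edi, tf_eax, tf_edx, tf_ecx, tf_err;
    uint32_t eva;        /* fault address from trap_fatal()/trap_pfault() */
    uint32_t request;    /* struct ata_request * in ata_generic_interrupt() */
    uint32_t donecount;  /* request->donecount */
    uint32_t length;     /* length passed to ata_pio_read() */
};

static const struct fault_sample sample = {
    -1021629628, -1021662556, 368, 9, 2,
    3273337668u, 0xc31aaa8cu, 32928u, 18u
};

/* kgdb prints trap-frame registers as signed ints; recover the 32-bit value. */
static uint32_t reg32(int32_t v) { return (uint32_t)v; }
/* x86 page-fault error code: bit 0 clear = page not present,
 * bit 1 set = write access, bit 2 set = fault taken in user mode. */
static int pf_not_present(int32_t err) { return (err & 1) == 0; }
static int pf_write(int32_t err)       { return (err & 2) != 0; }
static int pf_user(int32_t err)        { return (err & 4) != 0; }

/* Assumption (not shown in the post): the PIO copy writes to
 * buffer base + donecount, so the base is the fault address minus donecount. */
static uint32_t implied_base(const struct fault_sample *f)
{
    return f->eva - f->donecount;
}

/* Distance from the request pointer to that implied buffer base. */
static int32_t base_minus_request(const struct fault_sample *f)
{
    return (int32_t)(implied_base(f) - f->request);
}

int main(void)
{
    const struct fault_sample *f = &sample;
    printf("edi=0x%08x eva=0x%08x port=0x%x words left=%d of %u\n",
        reg32(f->tf_edi), f->eva, reg32(f->tf_edx), f->tf_ecx, f->length / 2);
    printf("not-present=%d write=%d user=%d\n", pf_not_present(f->tf_err),
        pf_write(f->tf_err), pf_user(f->tf_err));
    printf("implied base=0x%08x eax=0x%08x base-request=%d\n",
        implied_base(f), reg32(f->tf_eax), base_minus_request(f));
    return 0;
}
```

On the posted values, tf_edi equals the fault address and tf_ecx still holds all 9 words of the 18-byte transfer, so the fault is a kernel-mode write to an unmapped page on the first word stored. Under the stated assumption, the implied base matches tf_eax and lies 24 bytes past the request pointer, which puts the failing write 32928 bytes beyond that base.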
